As of v0.9.1 the DAM adds IAM conditions to GCP IAM grants that enforce expiration based on the TTL of a requested token/key. The date/time used for these conditions appears to be calculated based on the local-time without consideration of the offset from UTC. This results in IAM conditions that cause a role to never be valid, or to expire later than intended.
In practice, the impact is low because most servers are configured to use UTC as their local timezone, but this makes local development for developers living in timezones with negative offsets difficult, as granted roles will expire at a UTC time that has already passed at the time of being issued.
As of v0.9.1 the DAM adds IAM conditions to GCP IAM grants that enforce expiration based on the TTL of a requested token/key. The date/time used for these conditions appears to be calculated based on the local-time without consideration of the offset from UTC. This results in IAM conditions that cause a role to never be valid, or to expire later than intended.
In practice, the impact is low because most servers are configured to use UTC as their local timezone, but this makes local development for developers living in timezones with negative offsets difficult, as granted roles will expire at a UTC time that has already passed at the time of being issued.